[***]            Summary:            [***]

7 new Open, 32 new Pro (7 + 25). ExileRAT, QUILMINER, Peppy/KeeOIL, OSX/DarthMiner, Various Android, Various Phishing.

[+++]          Added rules:          [+++]

Open:

2026879 - ET POLICY Possible winexe over SMB - Possible Lateral Movement (policy.rules)
2026880 - ET USER_AGENTS AppControls.com User-Agent (user_agents.rules)
2026881 - ET USER_AGENTS AppControls.com User-Agent (user_agents.rules)
2026882 - ET POLICY Observed External IP Lookup SSL Cert (policy.rules)
2026883 - ET USER_AGENTS Peppy/KeeOIL Google User-Agent (google/dance) (user_agents.rules)
2026884 - ET TROJAN Peppy/KeeOIL Google Connectivity Check (trojan.rules)
2026885 - ET USER_AGENTS Peppy/KeeOIL User-Agent (ekeoil) (user_agents.rules)

Pro:

2834729 - ETPRO MOBILE_MALWARE Trojan-Banker.AndroidOS.Asacub.a Checkin 462 (mobile_malware.rules)
2834730 - ETPRO MOBILE_MALWARE Android.Spyware.SmsSpy.J SMS Exfil via SMTP (mobile_malware.rules)
2834731 - ETPRO MOBILE_MALWARE Android.Monitor.MobileSpy.L Reporting Infection via SMTP (mobile_malware.rules)
2834732 - ETPRO TROJAN OSX/DarthMiner Monero Authstring (trojan.rules)
2834733 - ETPRO TROJAN DDG Miner Monero Authstring (trojan.rules)
2834734 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-05 1) (trojan.rules)
2834735 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-05 2) (trojan.rules)
2834736 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline (2019-02-05 3) (trojan.rules)
2834737 - ETPRO POLICY Observed DNS Query to *.jumpingcrab .com Domain - Likely Hostile (policy.rules)
2834738 - ETPRO TROJAN Win32/Unk.CoinMiner CnC Activity (trojan.rules)
2834739 - ETPRO TROJAN ExileRAT CnC Activity M1 (trojan.rules)
2834740 - ETPRO TROJAN ExileRAT CnC Activity M2 (trojan.rules)
2834741 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-02-05 (current_events.rules)
2834742 - ETPRO CURRENT_EVENTS Successful Paypal Phish 2019-02-05 (current_events.rules)
2834743 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-02-05 (current_events.rules)
2834744 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-02-05 (current_events.rules)
2834745 - ETPRO CURRENT_EVENTS Successful Generic Credit Card Information Phish 2019-02-05 (current_events.rules)
2834746 - ETPRO CURRENT_EVENTS Successful Discover Phish 2019-02-05 (current_events.rules)
2834747 - ETPRO CURRENT_EVENTS Successful Stripe Phish 2019-02-05 (current_events.rules)
2834748 - ETPRO CURRENT_EVENTS Successful Banco Inter Phish 2019-02-05 (current_events.rules)
2834749 - ETPRO TROJAN QUILMINER Activity (trojan.rules)
2834750 - ETPRO TROJAN MSIL/Spy.Agent.BOB CnC Activity (trojan.rules)
2834751 - ETPRO TROJAN Win32/Agent.ZWI Variant Retrieving Additional Payloads (trojan.rules)
2834752 - ETPRO TROJAN Observed Malicious SSL Cert (FIN7 Griffon CnC) (trojan.rules)
2834753 - ETPRO TROJAN FIN7 Griffon DNS Lookup (trojan.rules)

[///]     Modified active rules:     [///]

2812875 - ETPRO POLICY External IP Lookup - (iplocation .net) (policy.rules)
2828814 - ETPRO TROJAN MSIL/Subti.N CnC Beacon (trojan.rules)

Date: Monday, February 4, 2019 - 22:00